Overview

overview

7

Static

static

3

AoN Sylent...er.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    145s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/03/2024, 05:42

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    AoN Sylenth1 v2.2.1 Installer.exe

  • Size

    40.5MB

  • MD5

    fc0fe3b2d929fab240aa06cdb33315cf

  • SHA1

    165ef57fa4dc4e6b90aaffc9560beae647abb041

  • SHA256

    f7dba59dac37840c22c2f64acc9f465a65a0c196a6cff547f0abe85f0b014d42

  • SHA512

    69528308cf2d9da500a9915ceefecee78073ead9441d68b2f0cad1d6614d4d8e92ca8d63d85963866b99e101814a5f3a6c14df86c95165aa125c721f694165c4

  • SSDEEP

    786432:PRoZlfbGbUupjW/s4IOKo+G5D7jfJoGmMU4NSGvNB6Qywu+P6mc:i6rW97j+G5D7jfJoG0Gr6QDuSc

Score
7/10
discovery

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 4 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\AoN Sylenth1 v2.2.1 Installer.exe
    "C:\Users\Admin\AppData\Local\Temp\AoN Sylenth1 v2.2.1 Installer.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2208
    • C:\Users\Admin\AppData\Local\Temp\is-5SH39.tmp\AoN Sylenth1 v2.2.1 Installer.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-5SH39.tmp\AoN Sylenth1 v2.2.1 Installer.tmp" /SL5="$C005E,42118464,410112,C:\Users\Admin\AppData\Local\Temp\AoN Sylenth1 v2.2.1 Installer.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4368
      • C:\Windows\SysWOW64\NOTEPAD.EXE
        "C:\Windows\system32\NOTEPAD.EXE" C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lennar Digital Sylenth1 v2.2.1\ReadMe.txt
        3⤵
          PID:2560
    • C:\Windows\system32\AUDIODG.EXE
      C:\Windows\system32\AUDIODG.EXE 0x4f4 0x4c4
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:3988

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Program Files\VST Plugins\Sylenth1\is-6AH3R.tmp
            Filesize

            504KB

            MD5

            febbe3f609ac8dea0a707a2193f77253

            SHA1

            ddec2e751f12c01a6c473695f78edbccaef8626c

            SHA256

            3435215e42e6c74b8373750365a815d57eccdd295037bb6c1df80259b997f3c6

            SHA512

            fade1df1fd19bb5f8b573c1353b299c7b63d220aeee75b98c0d09044443ac66439ecdea4169bd28202a779d5c3f717c1a603c6e495b48b7fcd29d76e2b86e16c

            Download Submit

          • C:\Program Files\VST Plugins\Sylenth1\is-FD1BR.tmp
            Filesize

            504KB

            MD5

            8554a04c30b2b44c952fb39a5804d6df

            SHA1

            f8aec607d1bd515a05c302d4f77f09caf9552cf0

            SHA256

            3dbc797117fc7b5fc571c7cb7b9412d6c2e45770d350879d4d12ccccfa1218bb

            SHA512

            7c6680545737f6ef9135c635da086cd1ce1475e0356bc1a85747469554766edaf1aa10f02ed1fbbd363caea9ee363d3164f09907da5fc68d50cdf6cb5e34c96d

            Download Submit

          • C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lennar Digital Sylenth1 v2.2.1\ReadMe.txt
            Filesize

            64KB

            MD5

            dbbde57d782da3821446b998d37ac702

            SHA1

            305d6ab41572e9b07723ff59d5ae3be4ce28a2ea

            SHA256

            8619795a9898317d819e0a9d6581964717876ce4423509685f67c54f2d109d99

            SHA512

            27ee7b6ed3b1ca57760882a9c6be09b29c164382484cca334ded5b88eb75a18df8e0678ada828ef4781726defc0fe6489b6543595f575ed1e442c50e013bcb25

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\is-5SH39.tmp\AoN Sylenth1 v2.2.1 Installer.tmp
            Filesize

            708KB

            MD5

            d9a3c80228901e130cf149acd355933e

            SHA1

            ae046990b4d43a774c03ee29a3caf26a3d6bb309

            SHA256

            42fa0493ae2ce52279d856ee9f770e4ed67cab732a9172080fe315a98286bdf8

            SHA512

            05b3de381574f6a793c894f3d8614b4247268b75ebbaba18050690f67fc9bf5f4301b59d281b1d1503e45f8a606448b6a6ff21faf8a2941ca87619ddb4d5f540

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\is-5SH39.tmp\AoN Sylenth1 v2.2.1 Installer.tmp
            Filesize

            1.0MB

            MD5

            a4af8f6006d695f3ee18ba09ab05b29f

            SHA1

            10e6a3db7013604a20de433e616eff8d51e804a5

            SHA256

            555c51ea7cab4a88e112b3ed4f03c2e073741fda94c683606545f712b8e6469a

            SHA512

            bea89e5258043d4095cf2c717cacbb0fecd96823a0feb1afc1db377aa8c1b44cee2537a441d012fc3f9f3477c0f4b115eb2cd7b51bdd1100000d16423f470648

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\is-QQLGJ.tmp\Style.cjstyles
            Filesize

            728KB

            MD5

            04915d39840c9406d1e9347c0eafd7b7

            SHA1

            435056f42e1e18e187d4abbb6d755c1a4f309f6d

            SHA256

            cc26d305824288a1c43c1c35cf8f456c5b19effaa39475f5179d372c4a06eef5

            SHA512

            677476971f40c8f4cc8bd67a9929e21d93802c376ab67670f5a4e9760339796cf872644920d26118631c44857ac254aaf62b0d3fbc7d04ddd30cb04d99f80185

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\is-QQLGJ.tmp\bass.dll
            Filesize

            101KB

            MD5

            40556d35a0fe6c7aa37e1c01b43ad333

            SHA1

            fc0412a134195fe0929f6967e2ba57081aaa5d77

            SHA256

            34d8e73b4fbd8d80388a2af257c1db3e88fe79b206deab4f7cd365e31ccce93b

            SHA512

            9f6b42f45f03b955d964f3adcbdc7c8b9d2abd7338f5814606e185ede849a6ee72cfd0b1e261ccc0aa6924fcdf357339452057ae53a009b567ab331b9cb37bbf

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\is-QQLGJ.tmp\isskin.dll
            Filesize

            385KB

            MD5

            92c2e247392e0e02261dea67e1bb1a5e

            SHA1

            db72fed8771364bf8039b2bc83ed01dda2908554

            SHA256

            25fdb94e386f8a41f10aba00ed092a91b878339f8e256a7252b11169122b0a68

            SHA512

            e938d2a1870ccb437d818b5301e6ecffaa6efbf4f0122e1a1ae0981057d7d0376039ea927c6fd326456da2d6904803fca26b87245367a4c5de2aebc47bdcd4b5

            Download Submit

          • memory/2208-0-0x0000000000400000-0x000000000046B000-memory.dmp

            Filesize

            428KB

            Download

          • memory/2208-3369-0x0000000000400000-0x000000000046B000-memory.dmp

            Filesize

            428KB

            Download

          • memory/2208-159-0x0000000000400000-0x000000000046B000-memory.dmp

            Filesize

            428KB

            Download

          • memory/4368-51-0x0000000010000000-0x0000000010060000-memory.dmp

            Filesize

            384KB

            Download

          • memory/4368-56-0x0000000073E20000-0x0000000073F44000-memory.dmp

            Filesize

            1.1MB

            Download

          • memory/4368-25-0x00000000761A0000-0x000000007621A000-memory.dmp

            Filesize

            488KB

            Download

          • memory/4368-27-0x00000000761A0000-0x000000007621A000-memory.dmp

            Filesize

            488KB

            Download

          • memory/4368-26-0x0000000010000000-0x0000000010060000-memory.dmp

            Filesize

            384KB

            Download

          • memory/4368-28-0x0000000075980000-0x00000000759A5000-memory.dmp

            Filesize

            148KB

            Download

          • memory/4368-29-0x0000000010000000-0x0000000010060000-memory.dmp

            Filesize

            384KB

            Download

          • memory/4368-30-0x00000000761A0000-0x000000007621A000-memory.dmp

            Filesize

            488KB

            Download

          • memory/4368-31-0x0000000075980000-0x00000000759A5000-memory.dmp

            Filesize

            148KB

            Download

          • memory/4368-32-0x0000000073FE0000-0x0000000074010000-memory.dmp

            Filesize

            192KB

            Download

          • memory/4368-34-0x0000000010000000-0x0000000010060000-memory.dmp

            Filesize

            384KB

            Download

          • memory/4368-36-0x0000000010000000-0x0000000010060000-memory.dmp

            Filesize

            384KB

            Download

          • memory/4368-37-0x0000000073E20000-0x0000000073F44000-memory.dmp

            Filesize

            1.1MB

            Download

          • memory/4368-35-0x0000000075980000-0x00000000759A5000-memory.dmp

            Filesize

            148KB

            Download

          • memory/4368-39-0x0000000075B10000-0x0000000075BF3000-memory.dmp

            Filesize

            908KB

            Download

          • memory/4368-40-0x0000000074CE0000-0x0000000074EF0000-memory.dmp

            Filesize

            2.1MB

            Download

          • memory/4368-38-0x0000000010000000-0x0000000010060000-memory.dmp

            Filesize

            384KB

            Download

          • memory/4368-33-0x0000000010000000-0x0000000010060000-memory.dmp

            Filesize

            384KB

            Download

          • memory/4368-42-0x0000000075530000-0x00000000755DF000-memory.dmp

            Filesize

            700KB

            Download

          • memory/4368-41-0x0000000076300000-0x00000000768B3000-memory.dmp

            Filesize

            5.7MB

            Download

          • memory/4368-44-0x0000000075730000-0x000000007580C000-memory.dmp

            Filesize

            880KB

            Download

          • memory/4368-43-0x0000000010000000-0x0000000010060000-memory.dmp

            Filesize

            384KB

            Download

          • memory/4368-45-0x0000000075B10000-0x0000000075BF3000-memory.dmp

            Filesize

            908KB

            Download

          • memory/4368-47-0x0000000076300000-0x00000000768B3000-memory.dmp

            Filesize

            5.7MB

            Download

          • memory/4368-46-0x0000000074CE0000-0x0000000074EF0000-memory.dmp

            Filesize

            2.1MB

            Download

          • memory/4368-49-0x0000000074C60000-0x0000000074CD4000-memory.dmp

            Filesize

            464KB

            Download

          • memory/4368-48-0x0000000075530000-0x00000000755DF000-memory.dmp

            Filesize

            700KB

            Download

          • memory/4368-22-0x0000000010000000-0x0000000010060000-memory.dmp

            Filesize

            384KB

            Download

          • memory/4368-50-0x0000000073E20000-0x0000000073F44000-memory.dmp

            Filesize

            1.1MB

            Download

          • memory/4368-52-0x0000000074CE0000-0x0000000074EF0000-memory.dmp

            Filesize

            2.1MB

            Download

          • memory/4368-53-0x0000000076300000-0x00000000768B3000-memory.dmp

            Filesize

            5.7MB

            Download

          • memory/4368-54-0x0000000075530000-0x00000000755DF000-memory.dmp

            Filesize

            700KB

            Download

          • memory/4368-55-0x0000000074C60000-0x0000000074CD4000-memory.dmp

            Filesize

            464KB

            Download

          • memory/4368-24-0x0000000010000000-0x0000000010060000-memory.dmp

            Filesize

            384KB

            Download

          • memory/4368-58-0x0000000074CE0000-0x0000000074EF0000-memory.dmp

            Filesize

            2.1MB

            Download

          • memory/4368-57-0x0000000010000000-0x0000000010060000-memory.dmp

            Filesize

            384KB

            Download

          • memory/4368-59-0x0000000076300000-0x00000000768B3000-memory.dmp

            Filesize

            5.7MB

            Download

          • memory/4368-60-0x0000000075530000-0x00000000755DF000-memory.dmp

            Filesize

            700KB

            Download

          • memory/4368-61-0x0000000075980000-0x00000000759A5000-memory.dmp

            Filesize

            148KB

            Download

          • memory/4368-62-0x0000000074C60000-0x0000000074CD4000-memory.dmp

            Filesize

            464KB

            Download

          • memory/4368-63-0x0000000073E20000-0x0000000073F44000-memory.dmp

            Filesize

            1.1MB

            Download

          • memory/4368-64-0x0000000010000000-0x0000000010060000-memory.dmp

            Filesize

            384KB

            Download

          • memory/4368-66-0x0000000076300000-0x00000000768B3000-memory.dmp

            Filesize

            5.7MB

            Download

          • memory/4368-65-0x0000000074CE0000-0x0000000074EF0000-memory.dmp

            Filesize

            2.1MB

            Download

          • memory/4368-67-0x0000000075530000-0x00000000755DF000-memory.dmp

            Filesize

            700KB

            Download

          • memory/4368-68-0x0000000074C60000-0x0000000074CD4000-memory.dmp

            Filesize

            464KB

            Download

          • memory/4368-69-0x0000000073E20000-0x0000000073F44000-memory.dmp

            Filesize

            1.1MB

            Download

          • memory/4368-70-0x0000000010000000-0x0000000010060000-memory.dmp

            Filesize

            384KB

            Download

          • memory/4368-71-0x0000000075730000-0x000000007580C000-memory.dmp

            Filesize

            880KB

            Download

          • memory/4368-72-0x0000000075B10000-0x0000000075BF3000-memory.dmp

            Filesize

            908KB

            Download

          • memory/4368-73-0x0000000074CE0000-0x0000000074EF0000-memory.dmp

            Filesize

            2.1MB

            Download

          • memory/4368-74-0x0000000076300000-0x00000000768B3000-memory.dmp

            Filesize

            5.7MB

            Download

          • memory/4368-75-0x0000000075530000-0x00000000755DF000-memory.dmp

            Filesize

            700KB

            Download

          • memory/4368-76-0x0000000074C60000-0x0000000074CD4000-memory.dmp

            Filesize

            464KB

            Download

          • memory/4368-77-0x0000000073E20000-0x0000000073F44000-memory.dmp

            Filesize

            1.1MB

            Download

          • memory/4368-78-0x0000000010000000-0x0000000010060000-memory.dmp

            Filesize

            384KB

            Download

          • memory/4368-79-0x0000000074CE0000-0x0000000074EF0000-memory.dmp

            Filesize

            2.1MB

            Download

          • memory/4368-23-0x00000000761A0000-0x000000007621A000-memory.dmp

            Filesize

            488KB

            Download

          • memory/4368-80-0x0000000076300000-0x00000000768B3000-memory.dmp

            Filesize

            5.7MB

            Download

          • memory/4368-161-0x0000000000630000-0x0000000000631000-memory.dmp

            Filesize

            4KB

            Download

          • memory/4368-163-0x00000000032F0000-0x0000000003307000-memory.dmp

            Filesize

            92KB

            Download

          • memory/4368-21-0x00000000761A0000-0x000000007621A000-memory.dmp

            Filesize

            488KB

            Download

          • memory/4368-13-0x00000000032F0000-0x0000000003307000-memory.dmp

            Filesize

            92KB

            Download

          • memory/4368-14-0x0000000073DD0000-0x0000000073E14000-memory.dmp

            Filesize

            272KB

            Download

          • memory/4368-5-0x0000000000630000-0x0000000000631000-memory.dmp

            Filesize

            4KB

            Download